Главная Обзор Помощь
Вход
chengwenliang
/
nshop
1
0
Ответвить 0
Файлы Задачи 0 Запросы на слияние 0 Вики
Дерево: 8a0ea5d12a
Ветки Метки
nshop
/
packages
/
Longyi
/
RewardPoints
/
src
/
Http
/
Middleware
/
ApiCustomerAuthenticate.php

ApiCustomerAuthenticate.php 4.5 KB
История Исходник

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143 
  1. <?php
    2. 

  2. 

  3. namespace Longyi\RewardPoints\Http\Middleware;
    4. 

  4. 

  5. use Closure;
    6. 

  6. use Illuminate\Http\Request;
    7. 

  7. use Symfony\Component\HttpFoundation\Response;
    8. 

  8. use Laravel\Sanctum\PersonalAccessToken;
    9. 

  9. use Webkul\BagistoApi\Services\ApiKeyService;
    10. 

  10. 

  11. class ApiCustomerAuthenticate
    12. 

  12. {
    13. 

  13.     protected ?ApiKeyService $apiKeyService = null;
    14. 

  14. 

  15.     /**
    16. 

  16.      * Handle an incoming request.
    17. 

  17.      *
    18. 

  18.      * 支持三种认证方式:
    19. 

  19.      * 1. Session Cookie(传统 Web 登录)
    20. 

  20.      * 2. Sanctum Bearer Token(BagistoApi 登录)
    21. 

  21.      * 3. Storefront Key(X-STOREFRONT-KEY 请求头)→ 由 BagistoApi 的 ApiKeyService 统一验证
    22. 

  22.      *
    23. 

  23.      * @param  \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response)  $next
    24. 

  24.      */
    25. 

  25.     public function handle(Request $request, Closure $next): Response
    26. 

  26.     {
    27. 

  27.         // 方式 3: Storefront Key 认证(X-STOREFRONT-KEY 请求头)
    28. 

  28.         $storefrontKey = $request->header('X-STOREFRONT-KEY');
    29. 

  29.         if ($storefrontKey) {
    30. 

  30.             $apiKeyService = $this->getApiKeyService();
    31. 

  31. 

  32.             // 验证 key 有效性
    33. 

  33.             $validation = $apiKeyService->validate(
    34. 

  34.                 $storefrontKey,
    35. 

  35.                 ApiKeyService::KEY_TYPE_SHOP,
    36. 

  36.                 $request->ip()
    37. 

  37.             );
    38. 

  38. 

  39.             if (! ($validation['valid'] ?? false)) {
    40. 

  40.                 return response()->json([
    41. 

  41.                     'error'   => 'invalid_storefront_key',
    42. 

  42.                     'message' => $validation['message'] ?? 'The provided storefront key is invalid or inactive.',
    43. 

  43.                 ], 403);
    44. 

  44.             }
    45. 

  45. 

  46.             // 频率限制检查
    47. 

  47.             $rateLimit = $apiKeyService->checkRateLimit($validation['client']);
    48. 

  48.             if (! ($rateLimit['allowed'] ?? false)) {
    49. 

  49.                 return response()->json([
    50. 

  50.                     'error'       => 'rate_limit_exceeded',
    51. 

  51.                     'message'     => 'Rate limit exceeded. Please retry later.',
    52. 

  52.                     'retry_after' => $rateLimit['reset_at'] ?? 60,
    53. 

  53.                 ], 429);
    54. 

  54.             }
    55. 

  55. 

  56.             return $next($request);
    57. 

  57.         } else {
    58. 

  58.             return response()->json([
    59. 

  59.                 'error'   => 'invalid_storefront_key',
    60. 

  60.                 'message' => 'X-STOREFRONT-KEY header is required',
    61. 

  61.             ], 403);
    62. 

  62.         }
    63. 

  63. 

  64.         // 方式 1: Session Cookie 认证(传统 Web 登录)
    65. 

  65.         if (auth()->guard('customer')->check()) {
    66. 

  66.             return $next($request);
    67. 

  67.         }
    68. 

  68. 

  69.         // 方式 2: Sanctum Bearer Token 认证(BagistoApi 登录)
    70. 

  70.         if ($request->bearerToken()) {
    71. 

  71.             $customer = $this->authenticateViaSanctum($request);
    72. 

  72. 

  73.             if ($customer) {
    74. 

  74.                 // 将 Sanctum 认证的用户设置到 customer guard
    75. 

  75.                 auth()->guard('customer')->setUser($customer);
    76. 

  76.                 return $next($request);
    77. 

  77.             }
    78. 

  78.         }
    79. 

  79. 

  80.         // 都未认证,返回 JSON 错误
    81. 

  81.         return response()->json([
    82. 

  82.             'error' => 'Please login first',
    83. 

  83.             'message' => 'Authentication required. Please login via /customer/login (Session) or /api/shop/customer/login (Token)'
    84. 

  84.         ], 401);
    85. 

  85.     }
    86. 

  86. 

  87.     /**
    88. 

  88.      * 懒加载 ApiKeyService 实例
    89. 

  89.      */
    90. 

  90.     protected function getApiKeyService(): ApiKeyService
    91. 

  91.     {
    92. 

  92.         return $this->apiKeyService ??= app(ApiKeyService::class);
    93. 

  93.     }
    94. 

  94. 

  95.     /**
    96. 

  96.      * 通过 Sanctum Token 验证客户
    97. 

  97.      *
    98. 

  98.      * @return \Webkul\Customer\Models\Customer|null
    99. 

  99.      */
    100. 

  100.     protected function authenticateViaSanctum(Request $request)
    101. 

  101.     {
    102. 

  102.         $token = $request->bearerToken();
    103. 

  103. 

  104.         if (!$token) {
    105. 

  105.             return null;
    106. 

  106.         }
    107. 

  107. 

  108.         try {
    109. 

  109.             // 使用 Sanctum 的 PersonalAccessToken 模型验证
    110. 

  110.             $accessToken = PersonalAccessToken::findToken($token);
    111. 

  111. 

  112.             if (!$accessToken) {
    113. 

  113.                 return null;
    114. 

  114.             }
    115. 

  115. 

  116.             // 检查 Token 是否过期
    117. 

  117.             if ($accessToken->expires_at && $accessToken->expires_at->isPast()) {
    118. 

  118.                 return null;
    119. 

  119.             }
    120. 

  120. 

  121.             // 获取关联的用户模型
    122. 

  122.             $tokenable = $accessToken->tokenable;
    123. 

  123. 

  124.             // 确保是 Customer 模型
    125. 

  125.             if (!$tokenable || !($tokenable instanceof \Webkul\Customer\Models\Customer)) {
    126. 

  126.                 return null;
    127. 

  127.             }
    128. 

  128. 

  129.             // 更新 Token 最后使用时间
    130. 

  130.             $accessToken->touch();
    131. 

  131. 

  132.             return $tokenable;
    133. 

  133. 

  134.         } catch (\Exception $e) {
    135. 

  135.             // 记录错误日志(可选)
    136. 

  136.             \Log::debug('Sanctum authentication failed', [
    137. 

  137.                 'error' => $e->getMessage()
    138. 

  138.             ]);
    139. 

  139. 

  140.             return null;
    141. 

  141.         }
    142. 

  142.     }
    143. 

  143. }
    144.